Syslinux - Oct 2002 - wierd problem concerning directory, symlinks, chroot

hello,

i'm having a wierd problem with 0.31 tftpd-hpa.

i'm using xinetd, with this config:

service tftp
{
        disable = no
        socket_type             = dgram
        wait                    = yes
        user                    = root
        log_on_failure          += USERID
        bind                    = 10.13.0.254
        server                  = /usr/sbin/in.tftpd
        nice                    = 5
        instances               = UNLIMITED
        per_source              = UNLIMITED
        cps                     = 200 20
        server_args             = -p -v -v -u nobody -c
}

with this config, nothing appears to work:
Oct 29 13:53:37 nsite-mpls-1 in.tftpd[4698]: RRQ from 10.13.0.60 filename
aaa-config
Oct 29 13:53:37 nsite-mpls-1 in.tftpd[4698]: sending NAK (2, Access violation)
to 10.13.0.60

mind you that aaa-config shouldn't have any permissions problems:
[13:54:20] nsite-mpls-1:/tftpboot> ls -l aaa-config
-rwxrwxrwx    1 mbrown   named        1072 Mar  5  2002 aaa-config

with these server args:
 -p -v -v -u nobody -c /tftpboot

Oct 29 13:56:54 nsite-mpls-1 in.tftpd[5202]: RRQ from 10.13.0.60 filename
aaa-config
Oct 29 13:56:54 nsite-mpls-1 in.tftpd[5202]: sending NAK (2, Access violation)
to 10.13.0.60

the only server args that appear to work are:
 -p -v -v -u nobody -c -s /tftpboot

but this does a chroot onto /tftpboot. i have symlinks going outside of
/tftpboot, so those directories/files are unreachable.

any ideas of how to get around this problem?

--
 Aamer Akhter / aa at cisco.com
 NSITE - cisco Systems

Aamer Akhter wrote:
> hello,
> 
> i'm having a wierd problem with 0.31 tftpd-hpa.
> 
> i'm using xinetd, with this config:
> 
> service tftp
> {
>         disable = no
>         socket_type             = dgram
>         wait                    = yes
>         user                    = root
>         log_on_failure          += USERID
>         bind                    = 10.13.0.254
>         server                  = /usr/sbin/in.tftpd
>         nice                    = 5
>         instances               = UNLIMITED
>         per_source              = UNLIMITED
>         cps                     = 200 20
>         server_args             = -p -v -v -u nobody -c
> }
> 
> with this config, nothing appears to work:
> Oct 29 13:53:37 nsite-mpls-1 in.tftpd[4698]: RRQ from 10.13.0.60 filename
> aaa-config
> Oct 29 13:53:37 nsite-mpls-1 in.tftpd[4698]: sending NAK (2, Access
violation)
> to 10.13.0.60
> 
> mind you that aaa-config shouldn't have any permissions problems:
> [13:54:20] nsite-mpls-1:/tftpboot> ls -l aaa-config
> -rwxrwxrwx    1 mbrown   named        1072 Mar  5  2002 aaa-config
> 
> with these server args:
>  -p -v -v -u nobody -c /tftpboot
> 
> Oct 29 13:56:54 nsite-mpls-1 in.tftpd[5202]: RRQ from 10.13.0.60 filename
> aaa-config
> Oct 29 13:56:54 nsite-mpls-1 in.tftpd[5202]: sending NAK (2, Access
violation)
> to 10.13.0.60
> 
> the only server args that appear to work are:
>  -p -v -v -u nobody -c -s /tftpboot
> 
> but this does a chroot onto /tftpboot. i have symlinks going outside of
> /tftpboot, so those directories/files are unreachable.
> 
> any ideas of how to get around this problem?
> 
At this time, where is no way to do what you want it to do.  I have a
patch that may resolve this, but it's not yet integrated and I have to
decide if I want to integrate it.

	-hpa

Aamer Akhter wrote:
> 
> with this config, nothing appears to work:
> Oct 29 13:53:37 nsite-mpls-1 in.tftpd[4698]: RRQ from 10.13.0.60 filename
> aaa-config
> Oct 29 13:53:37 nsite-mpls-1 in.tftpd[4698]: sending NAK (2, Access
violation)
> to 10.13.0.60
> 
> mind you that aaa-config shouldn't have any permissions problems:
> [13:54:20] nsite-mpls-1:/tftpboot> ls -l aaa-config
> -rwxrwxrwx    1 mbrown   named        1072 Mar  5  2002 aaa-config
> 
You must get the client to send the filename as /tftpboot/aaa-config to
use this configuration.

	-hpa